What is HTTPS and why should you consider the switch?

Posted 2 years ago

What is HTTP?

HTTP or HyperText Transfer Protocol as it’s also known, is one of the most fundamental elements of the world wide web. Your web browser uses this to communicate with the server where a website is hosted. This allows responses to be sent between yourself (the client), and the server, which gives you the ability to access different websites.

When you’ve clicked on a site you’ve probably noticed that the website address is prefixed by HTTP, for example “http://barberriley.com”.

S stands for?

Secure.

The S added to the end of HTTP creating HTTPS, shows you that the particular site you’re visiting has been given the internet’s standard for secure communication between your browser and any webserver. This adds an extra layer of security to your web browsing, which ultimately allows authentication of the website which you are visiting.

Sites which use HTTPS are most often indicated by green text and a lock symbol in the address bar. For example [insert image of https symbol]

What do you benefit from by using HTTPS?

Ultimately the main benefit you will see from using HTTPS is that it makes your website more secure for your users. If you’re wanting your user to supply any information while visiting your site, HTTPS gives them the confidence to do so, as they know this is secure. If credit card details or any other bits of personal information are required at any point, HTTPS is essential.

HTTPS has the ability to provide multiple layers of protection to the data a user submits.

Encryption - For anyone who manages to somehow intercept it, the data is useless without the key to decrypt it, which is what you have!
Data integrity - The data can’t be corrupted.
Authentication - It prevents the ability of “man in the middle attacks”. Meaning it’s not possible for someone to trick your users into thinking they are providing their details to you when in actual fact they’re handing them to a scammer.

Who uses HTTPS and should I?

You have probably visited a website which uses HTTPS without necessarily noticing. Any site which requires information to be given and/or payment methods have always used this secure protocol. for example Paypal or online banking.

Other websites are using HTTPS in order to protect page authenticity, secure your account and encrypt communication.

If you’re running a blog and simply only require a user’s email address in order to sign up to newsletters etc. then HTTPS may not be something you require for security reasons. However, if you’re accepting payment methods of any sort or any other personal information, HTTPS is something you should consider in order to make your user’s experience using your website a more secure one.

How to implement HTTPS

Step one
In order to use HTTPS you need to install a SSL certificate (the protocol that HTTPS uses). There are three different certificates in which you can get:

Domain validation - This is the cheapest option which covers the basic encryption.
Organisation validation - If you’re collecting any personal information from your user then you need to implement at least this SSL certificate.
Extended validation - This provides the highest level of security from HTTPS which is the option most large companies who deal with a high influx of personal data will use.

Step two
Create a URL map of your site and redirect.

You need to create copies of all your site’s pages and make redirects to the new ones. This can be quite a long process to do, but it’s a vital part of making the switch.

Step three
Update your internal links.

if you have internal links within your website, then it’s important these are all redirected too.

Step four
Update images and other links

Step five
Add your site again in WMT

You’ll want to start Google crawling your website as soon as possible to limit any traffic being affected. With the HTTPS your website is now classed as an entirely new site so you need to re-add your site to Google Webmaster tools.

Step six
Test your site.

Now that you’ve completed the transition, it’s a good idea to test everything to make sure it all went smoothly.

What are the risks of switching?

For large sites, any changes to URLs is risky business, but by weighing up your options you will be able to decide whether or not it’s the right move for you. Think about the time, money and the risk of making the switch against the algorithmic boost you website will gain before making the decision. Google have announced that they will not be penalising anyone for making the switch.